Replaces yaml.load() with yaml.safe_load()
Yaml.load() return Python object may be dangerous if you receive a YAML document from an untrusted source such as the Internet. The function yaml.safe_load() limits this ability to simple Python objects like integers or lists. Reference: https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html Change-Id: I1f809b4a68e9ec7b7a04cde2b77767cec7434965
This commit is contained in:
parent
c54367035d
commit
b66cfc576c
@ -27,7 +27,7 @@ patch_system = mock.patch('storops.UnitySystem')
|
|||||||
def load_yaml(file_name):
|
def load_yaml(file_name):
|
||||||
yaml_file = '{}/{}'.format(path.dirname(path.abspath(__file__)), file_name)
|
yaml_file = '{}/{}'.format(path.dirname(path.abspath(__file__)), file_name)
|
||||||
with open(yaml_file) as f:
|
with open(yaml_file) as f:
|
||||||
res = yaml.load(f)
|
res = yaml.safe_load(f)
|
||||||
LOG.debug('Loaded yaml mock objects from %s.', yaml_file)
|
LOG.debug('Loaded yaml mock objects from %s.', yaml_file)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user